Jenkins Chaos Monkey Plugin 0.4 and previous versions does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netflix chaos monkey |